From 9b65a20925349dbdc5919041d81cbd12ad8facf1 Mon Sep 17 00:00:00 2001
From: toastal
Date: Wed, 15 Apr 2026 01:43:05 +0000
Subject: Phase 1: Fix security vulnerabilities and error handling

- Fix command injection in editor.ml using Filename.quote
- Change KDL.of_flow to return Result instead of failwith
- Update manifest.ml to handle new Result type

Security: Prevents shell injection when opening files with
malicious filenames containing shell metacharacters.

Error handling: KDL parsing errors now return Result type
instead of crashing with failwith.---
 lib/kDL.ml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'lib/kDL.ml')

diff --git a/lib/kDL.ml b/lib/kDL.ml
index 550c26f..a00d1ff 100644
--- a/lib/kDL.ml
+++ b/lib/kDL.ml
@@ -11,8 +11,9 @@ let of_flow flow =
 			(fun buf -> Eio.Buf_read.take_all buf |> Kdl.of_string)
 			~max_size: max_int
 			flow
+		|> Result.ok
 	with
-		| exn -> failwith (Printexc.to_string exn)
+		| Kdl.Parse_error (msg, _) -> Error (`ParseError msg)
 
 let to_flow flow doc =
 	Eio.Buf_write.with_flow flow @@ fun buf ->
@@ -40,7 +41,7 @@ module L = KDL_lens_result
 module Valid = struct
 	type err = [
 		| L.lerr
-		| `ParseError of Kdl.error
+		| `ParseError of string
 		| `OneRequired of string list
 		| `OnlyOneOf of string list
 		| `InvalidLatestCmd of string
-- 
cgit v1.2.3